Export limit exceeded: 364527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-11924 1 Icegram 1 Icegram Express 2025-04-29 3.5 Low
The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-1523 1 Davidvongries 1 Ultimate Dashboard 2025-04-29 3.5 Low
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-34875 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-04-29 3.3 Low
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16981.
CVE-2022-40663 1 Nikon 1 Nis-elements Viewer 2025-04-29 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697.
CVE-2024-55279 1 Uguu 1 Uguu 2025-04-29 6 Medium
Uguu through 1.8.9 allows Cross Site Scripting (XSS) via JavaScript in XML files.
CVE-2022-3895 1 Hallowelt 2 Bluespice, Common User Interface 2025-04-29 4 Medium
Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS).
CVE-2024-11503 1 Shapedplugin 1 Wp Tabs 2025-04-29 6.1 Medium
The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-12109 1 Acowebs 1 Product Labels For Woocommerce \(sale Badges\) 2025-04-29 4.1 Medium
The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-12769 1 Simple Banner Project 1 Simple Banner 2025-04-29 3.5 Low
The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-13863 1 Wppluginbox 1 Stylish Google Sheet Reader 2025-04-29 7.1 High
The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-9770 1 Plechevandrey 1 Wp-recall 2025-04-29 4.7 Medium
The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2022-4116 2 Quarkus, Redhat 3 Quarkus, Build Of Quarkus, Quarkus 2025-04-29 9.8 Critical
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
CVE-2022-45536 1 Aerocms Project 1 Aerocms 2025-04-29 4.9 Medium
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.
CVE-2022-44158 1 Tenda 2 Ac21, Ac21 Firmware 2025-04-29 7.5 High
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name.
CVE-2022-44156 1 Tenda 2 Ac15, Ac15 Firmware 2025-04-29 7.5 High
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.
CVE-2022-3690 1 Code-atlantic 1 Popup Maker 2025-04-29 5.5 Medium
The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins
CVE-2022-3688 1 2code 1 Wpqa Builder 2025-04-29 8.8 High
The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks
CVE-2022-3634 1 Ciphercoin 1 Contact Form 7 Database Addon 2025-04-29 9.8 Critical
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
CVE-2022-3618 1 Clevelandwebdeveloper 1 Spacer 2025-04-29 4.8 Medium
The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
CVE-2025-25916 1 Wuzhicms 1 Wuzhicms 2025-04-29 5.4 Medium
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.